log fields
by Gustavo Mendes de Carvalho
Hi there,
I would like to get some documentation that describes, in detail,
which fields are present in the ldap.log file, and the meaning of
each field.
I need some information about the 7th field (op=33 in the first line). Where
can I find all the codes used in this field?
Jan 10 11:50:21 ldap01 slapd[10819]: conn=1702 op=33 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 10 11:50:25 ldap01 slapd[10819]: conn=1702 op=34 SRCH base="uid=gustavo,ou=company,c=org" scope=0 deref=0 filter="(objectClass=*)"
Jan 10 11:50:25 ldap01 slapd[10819]: conn=1702 op=34 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 10 11:50:26 ldap01 slapd[10819]: conn=1702 op=35 SRCH base="uid=gustavo,ou=company,c=org" scope=0 deref=0 filter="(objectClass=*)"
Jan 10 11:50:26 ldap01 slapd[10819]: conn=1702 op=35 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 10 12:28:13 ldap01 slapd[10819]: conn=1702 op=36 UNBIND
Jan 10 12:28:13 ldap01 slapd[10819]: conn=1702 fd=21 closed
Thanks
---
Gustavo
e-mail: gmcarvalho(a)gmail.com
15 years, 9 months
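As an added example (not part of the original thread), here is a small Python parser for the stats-level lines quoted above, with a summary that counts distinct operations and failed binds per connection, which is the kind of thing a defender reads these logs for. In these lines, conn= is the connection number, op= is the per-connection operation counter (0 for the first operation on that connection), so it is not a code table; tag= is the BER tag of the LDAP response being sent (101 searchResDone, 97 bindResponse); err= is the LDAP resultCode (0 success, 49 invalidCredentials); nentries= is the number of entries returned. The sample log is constructed: the quoted lines re-joined onto single lines plus an invented failing bind on conn=1703, and the two lookup tables cover only the common values.

```python
import re

# Constructed sample, modelled on the stats-level (loglevel 256) lines quoted
# in the post; the conn=1703 BIND failure is invented to exercise the error path.
SAMPLE_LOG = """\
Jan 10 11:50:21 ldap01 slapd[10819]: conn=1702 op=33 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 10 11:50:25 ldap01 slapd[10819]: conn=1702 op=34 SRCH base="uid=gustavo,ou=company,c=org" scope=0 deref=0 filter="(objectClass=*)"
Jan 10 11:50:25 ldap01 slapd[10819]: conn=1702 op=34 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 10 11:50:26 ldap01 slapd[10819]: conn=1703 op=0 BIND dn="uid=gustavo,ou=company,c=org" method=128
Jan 10 11:50:26 ldap01 slapd[10819]: conn=1703 op=0 RESULT tag=97 err=49 text=
Jan 10 12:28:13 ldap01 slapd[10819]: conn=1702 op=36 UNBIND
Jan 10 12:28:13 ldap01 slapd[10819]: conn=1702 fd=21 closed
"""

# err= is the LDAP resultCode; only the values most often seen are listed here.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform", 80: "other"}
# tag= is the BER tag of the protocol op being answered: [APPLICATION n] = 0x60 + n.
PROTOCOL_OP_TAGS = {97: "bindResponse", 101: "searchResDone", 103: "modifyResponse",
                    105: "addResponse", 107: "delResponse", 109: "modDNResponse",
                    111: "compareResponse", 120: "extendedResp"}

HEADER_RE = re.compile(r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
                       r'slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) (?P<rest>.*)$')
# op=N followed by an upper-case keyword (SRCH, SEARCH RESULT, BIND, ...) that
# runs up to the first key=value field or the end of the line.
OP_RE = re.compile(r'^op=(?P<op>\d+) (?P<kind>[A-Z][A-Z ]*?)(?= \w+=|$)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_line(line):
    """Return a dict of the fields in one slapd stats line, or None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
           "conn": int(m["conn"]), "op": None, "kind": None}
    rest = m["rest"]
    om = OP_RE.match(rest)
    if om:
        rec["op"] = int(om["op"])
        rec["kind"] = om["kind"]
        rest = rest[om.end():]
    else:
        # connection-level lines such as "fd=21 closed" carry no op= counter
        bare = [w for w in rest.split() if "=" not in w]
        rec["kind"] = " ".join(bare) or None
    for key, val in KV_RE.findall(rest):
        val = val.strip('"')
        rec[key] = int(val) if val.isdigit() else val
    if "tag" in rec:
        rec["tag_name"] = PROTOCOL_OP_TAGS.get(rec["tag"], "unknown")
    if "err" in rec:
        rec["err_name"] = RESULT_CODES.get(rec["err"], "unknown")
    return rec


def summarize(log_text):
    """Count distinct operations per connection and bind responses with a non-zero err."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    seen_ops = set()
    ops_per_conn, failed_binds = {}, {}
    for r in records:
        if r["op"] is not None and (r["conn"], r["op"]) not in seen_ops:
            seen_ops.add((r["conn"], r["op"]))
            ops_per_conn[r["conn"]] = ops_per_conn.get(r["conn"], 0) + 1
        if r.get("tag") == 97 and r.get("err", 0) != 0:
            failed_binds[r["conn"]] = failed_binds.get(r["conn"], 0) + 1
    return {"records": records, "ops_per_conn": ops_per_conn, "failed_binds": failed_binds}


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for rec in summary["records"]:
        print(rec)
    print("ops per connection:", summary["ops_per_conn"])
    print("failed binds per connection:", summary["failed_binds"])
```

Lines that are wrapped by the mail client, as in the post, must be re-joined before parsing; the regexes expect one log record per line.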
Change LDAP User's Password
by Le Trung Kien
Hi, I'm confused about LDAP authentication.
I'm attempting to use LDAP with Kerberos 5; when changing a user's
password,
I issued:
user1]$ passwd
Kerberos 5 Password: ******
New UNIX password: ******
Retype new UNIX password: ******
Everything goes well; however, there is still a password that doesn't change, and I don't
know
what this password is, or how to change it.
Still as that user, I can't use 'ldappasswd':
user1]$ ldappasswd
SASL/GSSAPI authentication started
SASL username: user1(a)MYREALM.COM
SASL SSF: 56
SASL installing layers
New password: yPYNAgvO <--- this changes frequently
Result: Internal (implementation specific) error (80)
Additional info: SASL(-7): invalid parameter supplied: Error putting OTP
secret
I should emphasize that user1 has two passwords: the first one can be
changed with 'passwd' or 'kpasswd'; the other one I don't know how to access,
although this second password still works and can be used to log in.
More information:
user1]$ passwd
Kerberos 5 Password: <--- typed a wrong password and got the following (only the
first password works here)
Enter login(LDAP) password: <--- the second password works here
New UNIX password: ******
Retype new UNIX password: ******
LDAP password information update failed: Insufficient access
passwd: Permission denied
Best Regards.
--
Le Trung Kien.
15 years, 9 months
Best method to set access permissions to third parties application with LDAP
by Benjamin Watine
Hello the list,
I have to use LDAP to define access permissions for many third-party
applications.
So, I wonder what the best way to organize my LDAP tree is. I see two
possibilities:
- Set an LDAP group for each access level of each application, and create
users that belong to those groups.
e.g.:
GlobalServiceGroup
|
|__Application1Group
| |__guestGroup
| | |__user1
| | |__user2
| |__userGroup
| | |__user3
| | |__user4
| |__adminGroup
|
|__Application2Group
|__devTeamGroup
| |__user1
| |__user2
| |__user3
| |__user4
|__testTeamGroup
|__adminTeamGroup
The problem with this solution is that I have to set up a lot of groups, so
my LDAP tree would become very complex to administer.
- Another way would be to define my own LDAP classes, with an attribute
for each application that defines the access level (guest, user, admin, etc.).
The problem with this solution is that I'm no longer in the standard
LDAP schema, and lose interoperability with standard LDAP clients.
What is the best way to set that up? Is there another possibility than
the two I mentioned before?
Thank you !
Ben
15 years, 10 months
Export / import ldap database between 2.2.29 & 2.3.27
by asiani@free.fr
Hello,
My source server:
openldap-clients-2.2.29-1.FC3
perl-Net-LDAP-0.3202-1.1.fc3.rf
nss_ldap-220-3
openldap-devel-2.2.29-1.FC3
php-ldap-4.3.11-2.8.4.legacy
smbldap-tools-0.9.1-1.1.fc3.rf
openldap-2.2.29-1.FC3
openldap-servers-2.2.29-1.FC3
My destination server:
openldap-2.3.27-8
openldap-devel-2.3.27-8
perl-LDAP-0.33-3.fc6
php-ldap-5.1.6-15.el5
python-ldap-2.2.0-2.1
nss_ldap-253-5.el5
openldap-servers-2.3.27-8
I export my database from the source:
ldapsearch -LLL -x -h localhost -D "cn=Manager,dc=myDomain,dc=com" -w
password -b "dc=myDomain,dc=com" > /backups/ldap/ldap-fs4-$TODAY.ldif
dn: dc=myDomain,dc=com
objectClass: dcObject
objectClass: organization
o: myDomain
dc: myDomain
dn: ou=Users,dc=myDomain,dc=com
objectClass: organizationalUnit
ou: Users
dn: ou=Groups,dc=myDomain,dc=com
objectClass: organizationalUnit
ou: Groups
dn: ou=Computers,dc=myDomain,dc=com
objectClass: organizationalUnit
ou: Computers
dn: cn=NextFreeUnixId,dc=myDomain,dc=com
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: NextFreeUnixId
sn: NextFreeUnixId
gidNumber: 1001
uidNumber: 1154
dn: uid=smbguest3,ou=Users,dc=myDomain,dc=com
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
(...)
and try to add it on my destination server:
slapadd -l fichier.ldif
The system failed with this error:
str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=69)
The database is working well on the source server... do you have an idea?
Thank you very much !
Alain
15 years, 10 months
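The syntax OID in that error, 1.3.6.1.4.1.1466.115.121.1.38, is the OID syntax used by the objectClass attribute, and slapadd reports an invalid value for it when an objectClass name in the LDIF is not defined by any schema the destination slapd has loaded. A common cause when moving a dump like this one is a missing schema include: classes such as sambaUnixIdPool and sambaSamAccount come from samba.schema, not from the core schema. As an added example, not code from the thread, the Python below parses an LDIF dump, extracts the objectClass names a slapd.conf-style schema file defines, and reports each entry (with its starting line, like slapadd's line=) whose classes the destination does not know, so the check can be run before slapadd is. The LDIF and the abbreviated schema fragment are constructed for the example; in real use the schema text would be the concatenation of the destination's included schema files.

```python
import base64
import re

# Constructed LDIF modelled on the dump quoted in the post; the two samba
# entries are the ones that need a schema beyond core/cosine/inetorgperson/nis.
SAMPLE_LDIF = """\
dn: dc=myDomain,dc=com
objectClass: dcObject
objectClass: organization
o: myDomain
dc: myDomain

dn: ou=Users,dc=myDomain,dc=com
objectClass: organizationalUnit
ou: Users

dn: cn=NextFreeUnixId,dc=myDomain,dc=com
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: NextFreeUnixId
sn: NextFreeUnixId
gidNumber: 1001
uidNumber: 1154

dn: uid=smbguest3,ou=Users,dc=myDomain,dc=com
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
uid: smbguest3
cn: smbguest3
sn: smbguest3
"""

# Constructed, abbreviated schema fragment in slapd.conf "objectclass ( ... )"
# syntax, standing in for the destination's loaded schema (no samba classes).
CORE_SCHEMA = """
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o )
objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY MUST uid )
"""

# objectclass ( <oid> NAME 'x' ... ) or NAME ( 'x' 'y' ) ...
OC_RE = re.compile(r"objectclass\s*\(\s*[\w.:]+\s+NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))",
                   re.IGNORECASE)


def schema_object_classes(schema_text):
    """Return the lower-cased set of object class names a schema text defines."""
    names = set()
    for single, multi in OC_RE.findall(schema_text):
        if single:
            names.add(single.lower())
        else:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", multi))
    return names


def parse_ldif(text):
    """Return [(dn, {attr: [values]}, first_line_no)], unfolding continuation lines."""
    lines = text.splitlines()
    unfolded = []                       # (line_no, logical line)
    for no, line in enumerate(lines, 1):
        if line.startswith(" ") and unfolded:   # folded continuation of the previous line
            unfolded[-1] = (unfolded[-1][0], unfolded[-1][1] + line[1:])
        else:
            unfolded.append((no, line))
    entries, dn, attrs, start = [], None, {}, None
    for no, line in unfolded + [(len(lines) + 1, "")]:   # sentinel blank flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs, start))
            dn, attrs, start = None, {}, None
            continue
        if line.startswith("#"):
            continue
        key, sep, val = line.partition(":")
        if not sep:
            raise ValueError(f"line {no}: not an attribute line: {line!r}")
        if val.startswith(":"):         # "attr:: base64" form
            val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
        else:
            val = val.strip()
        if key.strip().lower() == "dn":
            dn, start = val, no
        else:
            attrs.setdefault(key.strip().lower(), []).append(val)
    return entries


def find_unknown_object_classes(ldif_text, known_classes):
    """List entries whose objectClass values are not in known_classes (lower-cased names)."""
    problems = []
    for dn, attrs, line_no in parse_ldif(ldif_text):
        unknown = [oc for oc in attrs.get("objectclass", []) if oc.lower() not in known_classes]
        if unknown:
            problems.append({"dn": dn, "line": line_no, "unknown": unknown})
    return problems


if __name__ == "__main__":
    known = schema_object_classes(CORE_SCHEMA)
    for p in find_unknown_object_classes(SAMPLE_LDIF, known):
        print(f"line {p['line']}: {p['dn']} uses unknown objectClass {p['unknown']}")
```

Running it against the constructed data flags the NextFreeUnixId and smbguest3 entries; adding the samba class names to the known set (as including samba.schema on the destination would) makes the report empty.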
ldap_search_ext_s: maximum no of entries
by Rakesh Yadav
Hi,
In the case of ldap_search_ext_s:
We can pass how many entries we want.
In my case I can retrieve only 100 entries at a time due to the size limit
of my buffer.
But the LDAP search which I am using will return 1000 entries.
Is there any way through which I can retrieve the 1000 entries in chunks of 100?
The first time I will fetch 100 entries, then
again the next 100 entries, then
again the next 100 entries.....
...
...
In this way I will retrieve all the entries.
Please tell me the way of fetching entries from LDAP.
--
Thanks
Rakesh Yadav
15 years, 10 months
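The sizelimit argument of ldap_search_ext_s() only caps how many entries a single search may return; fetching a large result set in fixed-size chunks is done with the Simple Paged Results control (RFC 2696, OID 1.2.840.113556.1.4.319), which libldap exposes through ldap_create_page_control() and ldap_parse_page_control(). The client sends the control with a page size and an empty cookie, the server answers with up to that many entries plus a response control carrying an opaque cookie, and the client repeats the same search with that cookie until the server returns an empty one. As an added example, not code from the thread or from OpenLDAP, the Python below encodes and decodes the control value (a BER SEQUENCE of INTEGER size and OCTET STRING cookie) and drives the loop against a constructed in-process stand-in for the server; FakeDirectory and its offset-based cookie are assumptions made for the example, a real server's cookie is opaque and must be sent back unchanged.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"   # Simple Paged Results control, RFC 2696


def _ber_len(n):
    """BER length: short form below 128, long form (0x80 | byte count, then bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_int(v):
    """BER INTEGER with the minimal two's-complement body the encoding rules require."""
    nbytes = 1
    while not (-(1 << (8 * nbytes - 1)) <= v < (1 << (8 * nbytes - 1))):
        nbytes += 1
    body = v.to_bytes(nbytes, "big", signed=True)
    return b"\x02" + _ber_len(len(body)) + body


def encode_paged_control(size, cookie=b""):
    """realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    body = _ber_int(size) + b"\x04" + _ber_len(len(cookie)) + cookie
    return b"\x30" + _ber_len(len(body)) + body


def _read_tlv(buf, pos, expected_tag):
    """Read one tag-length-value at buf[pos]; return (value bytes, position after it)."""
    if pos >= len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    pos += 1
    first = buf[pos]
    pos += 1
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos:pos + length], pos + length


def decode_paged_control(data):
    """Return (size, cookie) from an encoded control value, rejecting trailing bytes."""
    body, end = _read_tlv(data, 0, 0x30)
    if end != len(data):
        raise ValueError("trailing bytes after SEQUENCE")
    size_bytes, pos = _read_tlv(body, 0, 0x02)
    cookie, pos = _read_tlv(body, pos, 0x04)
    if pos != len(body):
        raise ValueError("trailing bytes inside SEQUENCE")
    return int.from_bytes(size_bytes, "big", signed=True), cookie


class FakeDirectory:
    """Constructed stand-in for the server side of the exchange (assumption for the
    example): it slices a fixed result set and uses the next offset as its cookie."""

    def __init__(self, entries):
        self.entries = entries

    def search(self, control_value):
        size, cookie = decode_paged_control(control_value)
        offset = int.from_bytes(cookie, "big") if cookie else 0
        page = self.entries[offset:offset + size]
        nxt = offset + len(page)
        next_cookie = b"" if nxt >= len(self.entries) else nxt.to_bytes(4, "big")
        # The response control has the same shape; size carries the server's estimate
        # of the total (0 when unknown) and an empty cookie means "no more pages".
        return page, encode_paged_control(len(self.entries), next_cookie)


def paged_search(server, page_size):
    """Client loop: resend the search with the returned cookie until it comes back empty."""
    cookie, pages = b"", []
    while True:
        page, response_control = server.search(encode_paged_control(page_size, cookie))
        pages.append(page)
        _, cookie = decode_paged_control(response_control)
        if not cookie:
            return pages


# Constructed result set of 1000 DNs, mirroring the 1000-entry search in the post.
ALL_ENTRIES = [f"uid=user{i},ou=People,dc=example,dc=com" for i in range(1000)]

if __name__ == "__main__":
    pages = paged_search(FakeDirectory(ALL_ENTRIES), 100)
    print(f"{len(pages)} pages, first page {len(pages[0])} entries, "
          f"control value for page size 100: {encode_paged_control(100).hex()}")
```

The loop must repeat the same base, scope and filter on every round; changing them between pages invalidates the cookie on a real server. A 100-entry page also keeps each ldap_search_ext_s() result within the fixed buffer the post describes, since the client only ever holds one page at a time.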
Please Help
by Umar Draz
Dear Members!
I recently installed OpenLDAP and it is running successfully, but there are some lines I saw in the LDAP log file.
bdb_equality_candidates: (memberUid) not indexed
bdb_equality_candidates: (sambaDomainName) not indexed
Please help: what is this and how can I fix it?
Kind Regards,
Umar Draz
15 years, 10 months
OpenLDAP Log format
by Gustavo Mendes de Carvalho
Hi there,
I would like to know where I can find a document describing all
fields and other information about the OpenLDAP log file and the replication
log file (slurp and syncrepl).
Thanks in advance
---
Gustavo Mendes de Carvalho
e-mail: gmcarvalho(a)gmail.com
15 years, 10 months
loglevel - ip client in logfile
by Christophe Dumonet
Hello from France,
My question is about logs, and so the loglevel parameter, for OpenLDAP 2.0
(yes, this is an older version! Migration is in progress...)
Basically, I want my logs to contain client IPs in order to do some tuning, because
some CPU overloads occur while we are installing a new RADIUS
client for this LDAP server.
So I tried to change my loglevel (as described here
http://www.zytrax.com/books/ldap/ch6/#loglevel ) and no IP appears in the
logfile while loglevel is set to -1 (or whatever number).
Is it possible? Is my OpenLDAP version too old? Are there other things
to do?
Thanks, any help would be appreciated!
Christophe Dumonet.
--
----------------------------------------------------
Christophe Dumonet
Centre de Ressources Informatiques
Institut Francais de Mecanique Avancee (IFMA)
Campus des Cezeaux
BP 265
63175 AUBIERE Cedex
Tel : +33 - 4.73.28.80.64
Fax : +33 - 4.73.28.81.00
Mail : Christophe.Dumonet(a)ifma.fr
----------------------------------------------------
15 years, 10 months
Querying for olcDatabase parameters
by Josh Miller
Good morning,
What is the trick to querying cn=config for olcDatabase entries?
I am running OpenLDAP 2.4.7 with a full directory, converted from
slapd.conf to slapd.d and everything seems to be running just fine. I
can query the directory and I get back all of the entries that I would
expect to find. I have renamed my slapd.conf file to ensure that I am
not relying upon it, yet I don't see any olcDatabase entries when I
query cn=config:
[:user@host:] ldapsearch -x -H ldap://localhost/ -D "cn=config" -b 'cn=config' -W cn=config -LLL
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf
olcConfigDir: /etc/openldap/slapd.d
olcArgsFile: /var/run/openldap/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: 256
olcPidFile: /var/run/openldap/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcSecurity: ssf=128
olcSecurity: tls=128
olcSecurity: update_ssf=128
olcSecurity: update_tls=128
olcSecurity: simple_bind=128
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /usr/share/ssl/certs/posca3.crt
olcTLSCertificateFile: /etc/pki/tls/certs/host.crt
olcTLSCertificateKeyFile: /etc/pki/tls/certs/host.key
olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2:RSA
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
[:user@host:] ll /etc/openldap/slapd.d/cn\=config
total 64
-rw------- 1 ldap ldap 398 Jan 10 13:22 cn=module{0}.ldif
drwxr-x--- 2 ldap ldap 4096 Jan 10 13:22 cn=schema
-rw------- 1 ldap ldap 38702 Jan 10 13:22 cn=schema.ldif
-rw------- 1 ldap ldap 1163 Jan 10 13:22 olcDatabase={0}config.ldif
drwxr-x--- 2 ldap ldap 4096 Jan 10 13:22 olcDatabase={1}bdb
-rw------- 1 ldap ldap 2827 Jan 10 13:22 olcDatabase={1}bdb.ldif
-rw------- 1 ldap ldap 1236 Jan 10 13:22 olcDatabase={-1}frontend.ldif
TIA,
--
Joshua M. Miller - RHCE,VCP
15 years, 10 months